Client applications communicating over the Internet are faced with the problem that any Certificate Authority (CA) may issue a certificate for any domain. Client applications (such as for example web browsers) and/or human users may face difficulty detecting such problems.
Pinning a domain to a peer has been introduced as a solution to this problem but may suffer from problems such as:                requires additional operations for the domain or host operators to perform (e.g. to explicitly request the certificate pin)        requires additional operations to be performed by an application vendor (such as for example web browser vendor). For example, operations to manage relationships with external entities        additional interface or communications (typically out of band) between a domain or host and application vendors        performance issues or delays during application startup        managing or maintaining pin info        
Thus, various issues exist with certificate pinning, scalability issues in particular, and it might be advantageous to provide improvements.